Federal banking regulators issued a joint assertion as we speak emphasizing that banks concerned in bitcoin and crypto-assets-related custody and different actions by following present legal guidelines and sustaining sturdy threat controls. The assertion, issued by the Federal Reserve, OCC, and FDIC, clarifies that it doesn’t introduce new guidelines however reminds banks of their obligations when dealing with bitcoin and different crypto on behalf of consumers.
“Banking organizations could present safekeeping for crypto-assets in a fiduciary or a nonfiduciary capability,” the doc said. “Banking organizations that present crypto-asset safekeeping in a fiduciary capability should adjust to 12 CFR 9 or 150, as relevant, state legal guidelines and rules, and some other relevant authorized provisions, such because the instrument that created the fiduciary relationship.”
The companies emphasize that safekeeping bitcoin and different crypto-assets, primarily by way of management of consumers’ cryptographic keys, requires sturdy cybersecurity, operational experience, and full authorized compliance. Banks providing these providers have to be ready to guard towards dangers similar to key loss, cyberattacks, and unauthorized asset transfers.
In addition they notice that bitcoin and different crypto safekeeping could demand specialised workers, safe infrastructure, and fixed monitoring of evolving applied sciences. Regulatory necessities like anti-money laundering (AML), countering the financing of terrorism (CFT), and OFAC sanctions nonetheless apply.
“Like all different banking actions, crypto-asset safekeeping relationships are topic to relevant Financial institution Secrecy Act/anti-money laundering (BSA/AML), countering the financing of terrorism (CFT), and Workplace of International Belongings Management (OFAC) necessities,” mentioned the doc.
The assertion additionally warns that banking organizations ought to conduct a full threat evaluation earlier than participating in bitcoin and different crypto safekeeping. This consists of evaluating the character of various crypto-assets, the expertise used, and the authorized obligations concerned.
“Topic to the phrases and circumstances within the buyer settlement, a banking group is chargeable for the actions carried out by the sub-custodian…” the doc talked about. “Conducting due diligence earlier than collection of a sub-custodian is a crucial a part of sound threat administration, and consists of evaluating the effectiveness of the sub-custodian’s cryptographic key-management resolution, together with polices, processes, and inner controls, in addition to its adherence to straightforward safekeeping threat administration practices.”